Volume, Velocity & Variety: The Emerging SecOps Regime

Volume, Velocity & Variety: The Emerging SecOps Regime

Big Data aficionados should be familiar with data volume, velocity and variety as the key pillars that distinguish modern analytics environments from the prior generation. A similar trend is taking shape in infrastructure security with the adoption of public clouds and micro services architectures, significantly complicating the Security Operations (SecOps) job.

According to Datadog, there are 185 million Docker containers in use across 10,000 companies or 18,500 containers per company on average, for those that do use Docker! If this is any harbinger of scale, SecOps teams will continue to have a lot on their hands. Automated profiling and management of risk is the only way to secure an environment with such volumes.

Several company’s DevOps organizations, are pushing code as often as several times a day – Amazon.com, for example, deploys every 11 seconds (see Velocity Culture). Compound that with the desire to optimize costs via auto-scaling approaches. The average container lifecycle is 2.5 days while the average virtual machine lasts 14 days, likely reflecting the transient nature of auto-scale workloads. An inadvertent configuration change or a vulnerable package in a high velocity continuous deployment can jeopardize your security posture. Active monitoring of infrastructure and timely remediation of gaps in security are keys to SecOps success.

According to Forbes citing RightScale’s 2017 State of the Cloud Survey: “85% of enterprises have a multi-cloud strategy today, up from 82% in 2016, 58% are planning a hybrid cloud strategy, up from 55% a year ago. RightScale also found an increase in the number of enterprises planning for multiple public clouds (up from 16% to 20%)”.

In my experience, such heterogeneity is necessary for those that want to separate Development, Test and Production environments, enterprises transitioning from private to public clouds or those picking public clouds optimized for specific workloads or services. SecOps professionals dealing with so much variety in one enterprise will be best served by a unified approach to infrastructure security across public/private/hybrid clouds, across virtualized v. containerized deployments and between public clouds.

Are you ready for the security challenges driven by volume, velocity and variety?

To get you started, check out our latest Webinar featuring DevSecOps expert and writer, Gregory Bledsoe. He discusses security automation for the age of unprecedented change and how to do it better than before while moving faster than ever! For more information on Cavirin's SecOps solution, click here.

About Cavirin

Cavirin is the only organization that delivers cyberposture intelligence for the hybrid cloud by providing real-time risk & cybersecurity posture management, continuous compliance, further integrating security into DevOps.